diff --git a/hosts/architect/prosody.nix b/hosts/architect/prosody.nix
index 1413ed4..d9a257a 100644
--- a/hosts/architect/prosody.nix
+++ b/hosts/architect/prosody.nix
@@ -7,17 +7,20 @@ let
   network = import ./network.nix;
 in
 {
+  architect.firewall = {
+    openTCP = [ 5222 5269 ];
+  };
+
   services = {
     prosody = {
       enable = true;
-      virtualHosts = {
-        "${domain}" = {
-          domain = domain;
-          enabled = true;
-          ssl.key = "${config.security.acme.certs.${domain}.directory}/key.pem";
-          ssl.cert =
-            "${config.security.acme.certs.${domain}.directory}/fullchain.pem";
-        };
+      virtualHosts.${domain} = {
+        inherit domain;
+
+        enabled = true;
+        ssl.key = "${config.security.acme.certs.${domain}.directory}/key.pem";
+        ssl.cert =
+          "${config.security.acme.certs.${domain}.directory}/fullchain.pem";
       };
 
       muc = [{ domain = conference_domain; }];
@@ -27,11 +30,16 @@ in
       #httpInterfaces = [ "wg0" ];
       #httpsInterfaces = [ "wg0" ];
     };
-  };
 
-  services.nginx.virtualHosts."${domain}".enableACME = true;
-  #services.nginx.virtualHosts."${conference_domain}".enableACME = true;
-  #services.nginx.virtualHosts."${upload_domain}".enableACME = true;
+    nginx.virtualHosts = {
+      "${domain}" = {
+        enableACME = true;
+        forceSSL = true;
+      };
+      # "${conference_domain}".enableACME = true;
+      # "${upload_domain}".enableACME = true;
+    };
+  };
 
   networking.extraHosts = ''
     ${network.architect-lan} ${domain}
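Review bot: The rewritten `virtualHosts.${domain}` block points `ssl.key` at `key.pem` inside the ACME certificate directory, but nothing in this hunk grants the prosody service read access to that directory or reloads prosody when the certificate is renewed, so unless that is configured elsewhere in the file the daemon will either fail to open the key or keep presenting an expired certificate after renewal. A `security.acme.certs.${domain}` entry with `group = "prosody";` and `reloadServices = [ "prosody.service" ];` would cover both; I can only see this hunk, so it may already exist outside it. The new `architect.firewall.openTCP = [ 5222 5269 ];` matches the client and server XMPP ports the host is now serving, which is consistent with the rest of the change, though a one-line comment such as `# 5222 c2s, 5269 s2s` would make the intent obvious to the next reader. The enclosing `services` attribute set continues past the end of this hunk.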
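Review bot: `forceSSL = true;` on the `${domain}` nginx host is a good addition, but the `conference_domain` and `upload_domain` hosts remain commented out under `nginx.virtualHosts`, so the MUC component declared with `muc = [{ domain = conference_domain; }]` in the first hunk has no certificate covering its name; if that component is expected to federate, remote servers performing certificate verification on s2s may refuse the connection. Either add the conference host (and give prosody access to its certificate) or state the reason it is left out, e.g. `# conference/upload hosts intentionally have no cert: MUC is not federated` — the diff does not show which is intended. The `networking.extraHosts` string at the bottom of the hunk continues outside it.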